Secure and efficient authentication in Wireless Mesh Networks using Merkle trees

In recent years, wireless mesh networks (WMNs) have evolved as a new paradigm for broadband wireless Internet access. The self-configurability, open wireless infrastructure, and differing management styles of WMNs make them vulnerable to malicious attackers. As a first step toward securing WMNs, it is critical to incorporate an authentication mechanism for mesh clients. Existing proposals are primarily based on public key certificates, which incur considerable overhead in signature verification. We propose a network layer authentication mechanism for WMNs called the Merkle Tree based Mesh Authentication Protocol (MT-MAP). It uses inexpensive hash operations over a Merkle tree to authenticate single-hop and multihop mesh clients. We also show how the use of a hash tree facilitates fast and periodic refresh of authentication certificates. Finally, we present a security analysis of MT-MAP against impersonation and replay attacks.
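As an added illustration (not code from the paper, and not MT-MAP's message format, which the abstract does not give), the sketch below shows the general Merkle authentication-path technique the abstract relies on: a verifier holding only the tree root checks a client's leaf with one hash per tree level, and rebuilding the tree for a new epoch invalidates old proofs. The leaf layout, the epoch counter, the client names and all helper names are assumptions made for the example.

```python
import hashlib

def h(*parts: bytes) -> bytes:
    """SHA-256 over length-prefixed parts (prefixing avoids ambiguous concatenation)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def leaf(client_id: str, epoch: int, token: bytes) -> bytes:
    # Assumed leaf layout: domain tag, client id, refresh epoch, per-client token.
    return h(b"leaf", client_id.encode(), epoch.to_bytes(4, "big"), token)

def build_levels(leaves):
    """Return every tree level, leaves first, root level last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:                      # odd count: pair the last node with itself
            cur = cur + [cur[-1]]
        levels.append([h(b"node", cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def auth_path(levels, index):
    """Sibling hashes from leaf to root; this is what a client would present."""
    path = []
    for level in levels[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        sib = index ^ 1
        path.append((level[sib], sib < index))   # (sibling hash, sibling is on the left)
        index //= 2
    return path

def verify(root, leaf_hash, path):
    """Recompute the root with one hash per level; no signature verification involved."""
    node = leaf_hash
    for sibling, sibling_is_left in path:
        node = h(b"node", sibling, node) if sibling_is_left else h(b"node", node, sibling)
    return node == root

# Constructed sample data: five clients with fixed tokens (real tokens would be random secrets).
CLIENTS = {f"client-{i}": bytes([i]) * 16 for i in range(5)}

def issue(epoch):
    """Build the tree for one refresh epoch; returns (ordered ids, levels, root)."""
    ids = sorted(CLIENTS)
    levels = build_levels([leaf(c, epoch, CLIENTS[c]) for c in ids])
    return ids, levels, levels[-1][0]
```

A proof issued for one epoch fails against the next epoch's root, which is the replay case, and a leaf built from a guessed token fails against the current root, which is the impersonation case.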
